(By Professor David Stupples) – Since the Stuxnet attack on Iran’s uranium enrichment facility, probably by Israel, Iran has been investing heavily in cyber/information warfare. Today it is considered to be in the premier league of state-sponsored cyber terrorism supporting is QUD terrorist activity.

It is widely accepted that Iran was responsible for major cyber attacks against a number of Gulf States and against Saudi oil facilities over the past 5 years. Both the US and EU countries have reported Iranian cyber attacks within their borders, most of which have been intelligence gathering. Iran believes that its cyber/information warfare capabilities could harm Western interests.

Its kinetic warfare capability is limited to the Middle East region and so a series of substantial cyber attacks could be the retribution it is looking for.

The targets likely to be attacked will be those that are visible to the population as a whole. Targets that will put fear into the population by exposing the vulnerability of the US to cyber attack. It will also undermine the authority of the President and central government.

The likely attacks will be petro-chemical plants, nuclear power stations, transport (shipping and air travel) and pharmaceutical companies. The objective will be to attack industrial control or air traffic control systems to cause safety features to become unstable and/or unsafe. For example SCADA (Supervisory Control & Data Acquisition) systems are fundamental to the operational effectiveness and safety of nearly all complex industrial plant. At the heart of the SCADA is computer processing and a complex communication system.

Iran is known to have the capability of attacking SCADA with quite staggering results – one example being ARAMCO two/three years ago. Iran is thought to be developing its cyber/information warfare capability in cooperation with North Korea, China and Russia. The US, like the UK, has been focusing its cyber protection on SCADA but it appears to be behind the curve. In fact the whole world appears to be behind the curve when it comes to State-sponsored cyber terrorism. More money is being invested in the ‘dark side’. The protection strategy of the US is to focus the defence mechanisms on cyber targets that have public safety connection. Iran only has to have one major success to be able to constantly threaten to repeat the exercise.